Skip to content

security: harden s1-secops MCP server and monitor plugins#73

Merged
jham-s1 merged 3 commits into
Sentinel-One:mainfrom
pmoses-s1:fix/mcp-ssrf-origin-guard-and-monitor-pip
Jul 7, 2026
Merged

security: harden s1-secops MCP server and monitor plugins#73
jham-s1 merged 3 commits into
Sentinel-One:mainfrom
pmoses-s1:fix/mcp-ssrf-origin-guard-and-monitor-pip

Conversation

@pmoses-s1

@pmoses-s1 pmoses-s1 commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Security hardening for the s1-secops MCP server and the Scalyr monitor plugins, plus a small README update.

Changes

  • mcp/s1-secops-mcp/lib/s1.js — validate and origin-pin the API path across all verbs.
  • mcp/s1-secops-mcp/tools/mgmt-console.js — constrain the s1_api_* path schema.
  • mcp/s1-secops-mcp/lib/http-transport.js — add Origin/Host validation in no-auth mode.
  • monitors/ — remove runtime pip install; add pinned requirements.txt; README updated.
  • README.md — add a SentinelOne SecOps skills section (8 skills).

Tests
cd mcp/s1-secops-mcp && npm test → 34/34 pass.

…tall RCE

Addresses three triaged High findings against ai-siem (Mythos GUIDs
019eff58, 019eff5a, 019eff60).

MCP server (mcp/s1-secops-mcp), synced from claude-skills master:
- s1.js: add safeUrl() — require a single leading '/' and pin the resolved
  origin to the configured console, so an LLM-supplied path can no longer
  redirect the request (and the tenant ApiToken) to an attacker host
  (@evil / .evil / //evil / backslash variants). Applied to all five verbs.
- mgmt-console.js: add ^/web/api/v2.1/ pattern to each s1_api_* path schema.
- http-transport.js: in no-auth mode, reject any browser Origin and validate
  the Host header (DNS-rebind guard). Auth/proxy path unchanged.
- tests: add ssrf-path and http-origin-guard suites (34/34 pass).

Monitors (monitors/):
- maxmind.py, powerquerymonitor.py: remove runtime 'pip install' from
  _initialize() (ran as root on every agent restart; CWE-494/829).
- log_gen.py: delete dead install_dependencies() helper.
- add pinned requirements.txt; README instructs a one-time hash-verified install.
@pmoses-s1 pmoses-s1 changed the title security: fix SSRF token exfil, HTTP CSRF/rebind, and monitor pip-install RCE (Mythos 019eff58/5a/60) security: harden s1-secops MCP server and monitor plugins Jul 7, 2026

@jham-s1 jham-s1 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just helping out and approving this change

@jham-s1 jham-s1 merged commit ec25a28 into Sentinel-One:main Jul 7, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants